DETAILED ACTION 

This office action is in response to remarks filed on April 28, 2008. Original application 
contained Claims 1-24. Applicant currently amended Claims 5-8, 11, 12-24, and 17. Therefore, 
Claims 1-24 are pending for further consideration. 

Response to Arguments 
Applicant's arguments filed on April 28, 2008 have been fully considered but they are not 
persuasive because of the following reasons: 

Regarding Claims 1-24 applicants argued that the cited prior arts (CPA) [Stenman et al. 
(EP 1 178644 A2)] do not teach, "periodically generating a subsequent session key, and logoff 
message in encrypted form and including the secure key". 

This is not found persuasive. The system of cited prior art teaches a method for providing 
security key management method for wireless local area network which involves generating 
IPsec authentication, encryption and decryption keys using certificates and private key for 
packets transferred between mobile terminal and server. 

In cited prior art, when the mobile terminal first associates with a respective access point 
in the network, it uses the IKE with private key and the certificates to generate the wireless local 
area network link level keys with that access point. Mutual authentication of both the mobile 
terminal and access point is achieved by this process. When end-to-end IPsec security is 
employed, the mobile terminal uses the IKE to generate the authentication keys and ciphering 
keys with the network server. When transmitting packets, the IPsec kernel in the mobile terminal 
generates the Authentication Header (AH) and encrypts the packets. In the server, the packets are 
authenticated and decrypted. Link level session keys are used to encrypt traffic over the shared 
frequency and air space. 

Thus in cited prior art, the certificates are obtained from a certificate authority and a 
private key are used with Internet key exchange to generate a wireless local area network link 
level, and the mobile terminal and the access point are mutually authenticated. The keys are used 
to generate IPsec authentication, encryption and decryption keys for data packets transferred 
between the mobile terminal and the server. 

As a result, the system of cited prior art does implement and teaches a system and method 
that relates to wireless local area network secure session management (summary, Fig. 1-5, and 
col.5 line 44 to col.8 line 48). 

Applicants clearly have failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. 

The examiner is not trying to teach the invention but is merely trying to interpret the 
claim language in its broadest and reasonable meaning. The examiner will not interpret to read 
narrowly the claim language to read exactly from the specification, but will interpret the claim 
language in the broadest reasonable interpretation in view of the specification. Therefore, the 
examiner asserts that cited prior art does teach or suggest the subject matter broadly recited in 
independent Claims and in subsequent dependent Claims. Accordingly, rejections for claims 1- 
24 are respectfully maintained. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

Claims 1-24 are rejected under 35 U.S.C. 102(a) as being anticipated by Stenman et al. 
(EP 1178644 A2). 

1. Regarding Claim 1 Stenman teach and describe a method for providing a secure 
communications session with a user terminal in a communications network (Fig. 3-5), the method 
comprising the steps of: transmitting first and second secure keys to the user terminal using a 
secure communications method, the first and second secure keys being suitable for storage in the 
user terminal for use during the secure communications session; encrypting and transmitting data 
to the user terminal using a current session key, and receiving and decrypting data received from 
the user terminal using the current session key, the first secure key initially being used as the 
current session key; and periodically generating by an access point a subsequent session key 
using the second secure key and using the subsequent session key as the current session key 
during subsequent communications between the communications network and the user terminal 
(col.5 line 44 to col.8 line 48). 

2. Regarding Claim 4 Stenman teach and describe a method for providing a secure 
communications session with a mobile terminal in a wireless local access network, the method 
comprising the steps of: transmitting first and second secure keys to the mobile terminal using a 
secure communications method, the first and second secure keys being suitable for storage in the 
mobile terminal for use during the secure communications session; encrypting and transmitting 
data to the mobile terminal using a current session key, and receiving and decrypting data 
received from the mobile terminal using the current session key, the first secure key initially 
being used as the current session key; and periodically generating a subsequent session key using 
the second secure key and using the subsequent session key as the current session key during 
subsequent communications with the mobile terminal (col.5 line 44 to col. 8 line 48). 

3. Regarding Claim 7 Stenman teach and describe a method for providing a secure 
communications session with a mobile terminal in a wireless local access network, the method 
comprising the steps of: generating a secure key; transmitting the secure key to the mobile 
terminal using a secure communications method, the secure key being stored in the mobile 
terminal for use during the secure communications session; encrypting and transmitting data to 
the mobile terminal using a current session key, and receiving and decrypting data received from 
the mobile terminal using the current session key; and ending the secure communications session 
by an access point in response to receiving a logoff message from the mobile terminal, the logoff 
message being in encrypted form and including the secure key (col.5 line 44 to col. 8 line 48). 

4. Regarding Claim 8 Stenman teach and describe a method for providing a secure 
communications session with a mobile terminal in a wireless local access network the method 
comprising the steps of: generating first and second secure keys; transmitting the first and second 
secure keys to the wireless local area network using a secure communications method, the first 
and second secure keys being stored in the wireless local area network for use during the secure 
communications session; encrypting and transmitting data to the wireless local area network 
using a current session key, and receiving and decrypting data received from the wireless local 
area network using the current session key, the first secure key initially being used as the current 
session key; and periodically generating by the mobile terminal a subsequent session key using 
the second secure key and using the subsequent session key as the current session key during 
subsequent communications with the wireless local area network (col. 5 line 44 to col. 8 line 48). 

5. Regarding Claim 11 Stenman teach and describe a method for providing a secure 
communications session with a mobile terminal in a wireless local access network, the method 
comprising the steps of: generating a secure key; transmitting the secure key to the wireless local 
area network using a secure communications method, the secure key being stored in the wireless 
local area network for use during the secure communications session; encrypting and 
transmitting data to the wireless local area network using a current session key, and receiving 
and decrypting data received from the wireless local area network using the current session key; 
and ending the secure communications session in response to receiving a logoff message from 
the wireless local area network, the logoff message being in encrypted form and including the 
secure key (col.5 line 44 to col.8 line 48). 

6. Regarding Claim 12 Stenman teach and describe a method for providing a secure 
communications session with a mobile terminal in a wireless local access network, the method 
comprising the steps of: installing at least two shared secrets on both the mobile terminal and the 
wireless local area network access point during the user-authentication phase whereby a first 
secret is the initial session key and a second secret is utilized as secure seed to generate 
subsequent session keys (col.5 line 44 to col.8 line 48). 

7. Regarding Claim 18 Stenman teach and describe a method for providing a secure 
communications session between a mobile terminal and a wireless local access network, the 
method comprising the steps of: a mobile terminal sending during session logoff an encrypted 
logoff request accompanied by the secure seed such that the secure seed appears in the logoff 
request (col.5 line 44 to col.8 line 48). 

8. Regarding Claim 19 Stenman teach and describe an access point for providing a secure 
communications session between a mobile terminal and a wireless local access network, 
comprising: a means for transmitting first and second secure keys to the mobile terminal using a 
secure communications method and a means to encrypt data using the first secure key and a 
means to periodically generate a subsequent session key using the second secure key (col.5 line 
44 to col.8 line 48). 

9. Regarding Claim 20 Stenman teach and describe a terminal device for providing a secure 
communications session with a communications network, comprising: 

a means to receive a secure key and a secure seed and a means to store the secure key and the 
secure seed for use during the secure communications session; a means to receive data and a 
means to decrypt the data using a current session key during the secure communications session, 
the secure key being used initially as the current session key; and a means to generate a 
subsequent session key using the current session key and the secure seed, the subsequent session 
key thereafter being used as the current session key for subsequent communications (col.5 line 
44 to col. 8 line 48). 

10. Regarding Claim 24, Stenman teach and describe an access point for providing a secure 
communications session between a mobile terminal and a wireless local area network, 
comprising: a means to transmit a secure key and a secure seed and a means to store the secure 
key and the secure seed for use during the secure communications session; 

a means to encrypt data and a means to transmit data to the mobile terminal and a means to 
receive data and a means to decrypt the data from the mobile terminal using a current session key 
during the secure communications session, the secure key being used initially as the current 
session key; and a means to generate a subsequent session key using the current session key and 
the secure seed, the subsequent session key thereafter being used as the current session key for 
subsequent communications (col.5 line 44 to col.8 line 48) 

10. Claims 2-3, 5-6, 9-10, 13-7, and 21-23 are rejected applied as above rejecting Claims 1, 
4, 8, 12, and 20. Furthermore, Stenman teach and describe a method for providing a secure 
communications session between a mobile terminal and a wireless local access network, 
wherein: 

- logging off the user terminal in response to an encrypted logoff request from the user 
terminal accompanied by the second secure key, and periodically generating step comprises 
generating the access point a subsequent session key by concatenating the current session key 
with the second secure key and applying a hash algorithm (col. 5 line 17 to col.6 line 41). 

the periodically generating step comprises generating the access point a subsequent 
session key: by concatenating the new key and the second secure key and running a hash 
algorithm to generate the subsequent session key, and by using a combination of a new key and 
the second secure key, the new key being generated using the first secure key (col.5 line 17 to 
col.6 line 41). 

the periodically generating step comprises generating a subsequent session key by 
concatenating the new key and the second secure key and running a hash algorithm to generate 
the subsequent session key (col.5 line 17 to col.6 line 41). 

the step of generating a new key and encrypting the new key with the current session key 
and exchanging and the new key between the wireless local area network and the mobile 
terminal key (col.5 line 17 to col.6 line 41). 

the step of the wireless local area network and the mobile terminal generating a new 
session key employing the new session key and the secure seed, generating the new session 
key generation comprises the step of concatenating the said new key to the secure seed, the 
step of generating a new session key by applying a hash algorithm on said concatenated result, 
and the step of using the said new session key in communication between the wireless local 
area network and mobile terminal key (col.5 line 17 to col.6 line 41). 

the terminal device comprises a mobile terminal and the communications network 
comprises a wireless local area network (Fig. 1, 5). 
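
The rekeying step recited above (concatenate the exchanged new key with the secure seed, apply a hash algorithm, use the result as the session key) and the logoff request carrying the seed, as an added Python sketch that is not code from Stenman or from the application. SHA-256, the 32-byte lengths, the `LOGOFF` tag and all function and class names are assumptions, and the encryption of the new key and of the logoff request under the current session key is not modelled.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed fixed length; keeps new_key || seed unambiguous


def next_session_key(new_key: bytes, secure_seed: bytes) -> bytes:
    """Subsequent session key = H(new_key || secure_seed), H assumed SHA-256."""
    if len(new_key) != KEY_LEN or len(secure_seed) != KEY_LEN:
        raise ValueError("new key and seed must both be KEY_LEN bytes")
    return hashlib.sha256(new_key + secure_seed).digest()


class Endpoint:
    """One side of the session: access point or mobile terminal."""

    def __init__(self, first_key: bytes, secure_seed: bytes):
        self.session_key = first_key  # first secret: initial session key
        self._seed = secure_seed      # second secret: not sent during rekeying

    def rekey(self, new_key: bytes) -> None:
        # new_key is the value exchanged under the current session key
        self.session_key = next_session_key(new_key, self._seed)

    def logoff_request(self) -> bytes:
        # Plaintext of the logoff request; it is sent encrypted in the claims
        return b"LOGOFF" + self._seed

    def accept_logoff(self, request: bytes) -> bool:
        # Constant-time comparison so the check does not leak seed bytes
        return hmac.compare_digest(request, b"LOGOFF" + self._seed)


def run_session(rounds: int = 3):
    """Install both secrets on both sides, then rekey `rounds` times."""
    first_key = secrets.token_bytes(KEY_LEN)
    seed = secrets.token_bytes(KEY_LEN)
    ap, terminal = Endpoint(first_key, seed), Endpoint(first_key, seed)
    history = [ap.session_key]
    for _ in range(rounds):
        new_key = secrets.token_bytes(KEY_LEN)
        ap.rekey(new_key)
        terminal.rekey(new_key)
        history.append(ap.session_key)
    return ap, terminal, history
```

Because the seed enters every derivation but is only transmitted at logoff, knowing an exchanged new key alone is not enough to compute the next session key.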



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. 
The examiner can normally be reached on 9:00 to 5:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

August 01, 2008 
/Syed Zia/ 

Primary Examiner, Art Unit 2131 



